Acquiring tokens with username and password
Important. There is currently a bug on the service side affecting users whose passwords has URL unfriendly characters. For details see Error in token acquisition when password contains special characters #1492
For historical reasons, ADAL.NET supports in some platforms (.NET framework) the user name and password flow.
In general Microsoft does not advise customers to use it as it's less secure than the other flows, and it is not compatible with conditional access (if the resource requires conditional access, the call to AcquireTokenSilent will just fail, given that this is not an interactive flow, the STS does not have an opportunity to present a dialog to the user to tell him/her that s/he needs to do multiple factor authentication).
For more information about why you want to avoid using this grant, you can, for instance read the following article which explains why Microsoft is working to make passwords a thing of the past
You can get a token with a username and password by calling the same override as for the integrated windows authentication. You need to instanciate a UserPasswordCredential, and use the corresponding override of AcquireTokenAsync:
result = await context.AcquireTokenAsync(resource, clientId, new UserPasswordCredential("[email protected]", johnsPassword));
Note that this method is not available part of the
AuthenticationContextclass, but as anAcquireTokenAsyncextension method of theAuthenticationContextIntegratedAuthExtensionsclass. This extension method takes as a parameter, in addition to the resource and clientId of the public client application an instance ofUserCredential, which in fact is, in the case of username/password, an instance ofUserPasswordCredential.
The username/password override is actually not an override, but an extension method. If you need to use this flow in PowerShell please see the comments in issue #1130
| Sample | Description |
|---|---|
| active-directory-dotnet-native-headless | A windows desktop program that demonstrates non-interactive authentication to Azure AD using a username & password and optionaly windows integrated authentication. 
|